Legislation we work with
The Office of the Victorian Information Commissioner (OVIC) is established under the Freedom of Information Act 1982 (FOI Act) and has independent regulatory oversight of both the FOI Act and the Privacy and Data Protection Act 2014 (PDP Act).
Under the General Orders issues by the Premier, the Attorney General has administrative responsibility for the FOI Act and PDP Act.
The Freedom of Information Act 1982
Under the FOI Act, everyone has the right to request access to documents held by Victorian public sector agencies. This right of access is subject to limited exceptions and exemptions.
The FOI Act applies to all Victorian government departments and Ministers, local councils, public hospitals, public schools, universities and TAFEs, and statutory authorities.
Under the FOI Act, the key functions of OVIC include:
- promoting understanding and acceptance by agencies and the public of the FOI Act and its object;
- conducting reviews of decisions made by agencies and Ministers under the FOI Act;
- handling complaints made under the FOI Act;
- providing advice, education, and guidance to agencies and the public in relation to OVIC’s functions;
- developing and monitoring compliance with professional standards; and
- providing advice, education, and guidance to agencies and the public in relation to compliance with the professional standards.
The Privacy and Data Protection Act 2014
The PDP Act provides for the regulation of personal information and information security in Victoria.
In Victoria, everyone has privacy rights under the PDP Act, which contains 10 Information Privacy Principles (IPPs) that outline how Victorian public sector organisations must handle your personal information.
Additionally, the PDP Act provides for the issuing of the Victorian Protective Data Security Framework and Victorian Protective Data Security Standards which details information security practices that certain Victorian public sector agencies are required to implement.
Under the PDP Act, the key functions of OVIC include:
- promoting awareness and understanding of the IPPs;
- receiving complaints about possible breaches of the IPPs by the Victorian public sector;
- conducting audits to assess compliance with the IPPs;
- undertaking research, issuing reports, guidelines and other materials with regard to information privacy;
- developing the Victorian Protective Data Security Framework;
- issuing protective data security standards and promoting their uptake by the Victorian public sector;
- conducting monitoring and assurance activities to assess compliance with those standards; and
- undertaking research, issuing reports, guidelines and other materials with regard to information security.